Information About the Domain

You must create a domain name for Cisco Nexus 1000V and then add control and packet VLANs for communication and management. This process is part of the initial setup of the Cisco Nexus 1000V when installing the software. If you need to create a domain later, you can do so using the setup command or the procedures described in this chapter.

About Layer 3 Control

Layer 3 control, or IP connectivity, is supported between the VSM and VEM for control and packet traffic. With Layer 3 control, a VSM can be Layer 3 accessible and control hosts that reside in a separate Layer 2 network. All hosts controlled by a VSM, however, must still reside in the same Layer 2 network. Since a VSM cannot control a host that is outside of the Layer 2 network it controls, the host on which it resides must be controlled by another VSM.

To implement Layer 3 control, you must make the following configurations:

Guidelines and Limitations

The VSM domain has the following configuration guidelines and limitations:

UDP port 4785 is required for Layer 3 communication between the VSM and VEM. If you have a firewall in your network, and are configuring Layer 3 control, then make sure UDP port 4785 is open on your upstream switch or firewall device. For more information, see the documentation for your upstream switch or firewall device.

In a Layer 2 network, you can switch between the Layer 2 and Layer 3 transport modes, but when you do so, the modules may be out of service briefly.

The capability attribute (Layer 3 control) cannot be inherited from the port profile.

Different hosts can use different VLANs for Layer 3 control.

A port profile used for Layer 3 control must be an access port profile. It cannot be a trunk port profile.

We recommend that if you are using the VMware kernel NIC for Layer 3 Control, you do not use it for any other purpose. For example, do not also use the Layer 3 Control VMware kernel NIC for VMotion or NFS mount.

Control VLANs, packet VLANs, and management VLANs must be configured as regular VLANs and not as private VLANs.

If you have a firewall in your network, ensure that TCP ports 80 and 443 are open for traffic destined to the vCenter Server and TCP port 80 is open for traffic destined to the Cisco Nexus 1000V Virtual Supervisor Module (VSM).

Creating a Domain

Use this procedure to create a domain name for the Cisco Nexus 1000V that identifies the VSM and VEMs, and then add control and packet VLANs for communication and management. This process is part of the initial setup of the Cisco Nexus 1000V when installing the software. If you need to create a domain after initial setup, you can do so using this procedure.

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

If two or more VSMs share the same control and/or packet VLAN, the domain helps identify the VEMs managed by each VSM.

You are logged in to the CLI in EXEC mode.

You must have a unique domain ID for this Cisco Nexus 1000V instance.

You must identify the VLANs to be used for control and packet traffic.

We recommend using one VLAN for control traffic and a different VLAN for packet traffic.

We recommend using a distinct VLAN for each instance of Cisco Nexus 1000V (different domains).

The svs mode command in the SVS Domain Configuration mode is not used and has no effect on a configuration.

For information about changing a domain ID after adding a second VSM, see the Cisco Nexus 1000V High Availability and Redundancy Configuration Guide, Release 4.2(1)SV1(4).

SUMMARY STEPS

1. config t

2. svs-domain

3. domain id domain-id

4. control vlan vlan-id

5. packet vlan vlan-id

6. exit

7. show svs domain

8. copy running-config startup-config

DETAILED STEPS

Command

Purpose

Step 1

config t

Example:

n1000v# config t

n1000v(config)#

Places you into CLI Global Configuration mode.

Step 2

svs-domain

Example:

n1000v(config)# svs-domain

n1000v(config-svs-domain)#

Places you into the SVS Domain Configuration mode.

Step 3

domain id number

Example:

n1000v(config-svs-domain)# domain id 100

n1000v(config-svs-domain)#

Creates the domain ID for this Cisco Nexus 1000V instance.

Step 4

control vlan number

Example:

n1000v(config-svs-domain)# control vlan 190

n1000v(config-vlan)#

Assigns the control VLAN for this domain.

Step 5

packet vlan number

Example:

n1000v(config-vlan)# packet vlan 191

n1000v(config-vlan)#

Assigns the packet VLAN for this domain.

Step 6

show svs domain

Example:

n1000v(config-vlan)# show svs domain

Displays the domain configuration.

Step 7

exit

Example:

n1000v(config-vlan)# exit

n1000v(config)#

Returns you to CLI Global Configuration mode.

Step 8

copy running-config startup-config

Example:

n1000v(config)# copy running-config startup-config

(Optional) Copies the running configuration to the startup configuration.

Example:

n1000v# config t

n1000v(config)# svs-domain

n1000v(config-svs-domain)# domain id 100

n1000v(config-svs-domain)# control vlan 190

n1000v(config-svs-domain)# packet vlan 191

n1000v(config-vlan)# exit

n1000v (config)# show svs domain

SVS domain config:

Domain id: 100

Control vlan: 190

Packet vlan: 191

L2/L3 Aipc mode: L2

L2/L3 Aipc interface: mgmt0

Status: Config push to VC successful.

n1000v(config)#

n1000v(config)# copy run start

[########################################] 100%

n1000v(config)#

Changing to Layer 3 Transport

Use this procedure to change the transport mode from Layer 2 to Layer 3 for the VSM domain control and packet traffic.

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

You are logged in to the CLI in EXEC mode.

This procedure requires you to disable the control and packet VLANs. You cannot change to Layer 3 Control before disabling the control and packet VLANs.

You have already configured the Layer 3 interface (mgmt 0 or control 0) and assigned an IP address.

When control 0 is used for Layer 3 transport, proxy-arp must be enabled on the control 0 VLAN gateway router.

Displays the existing domain configuration, including control and packet VLAN IDs.

Step 2

config t

Example:

n1000v# config t

n1000v(config)#

Places you in the CLI Global Configuration mode.

Step 3

svs-domain

Example:

n1000v(config)# svs-domain

n1000v(config-svs-domain)#

Places you in the CLI SVS Domain Configuration mode.

Step 4

no packet vlan

Example:

n1000v(config-svs-domain)# no packet vlan

n1000v(config-svs-domain)#

Removes the packet VLAN configuration.

Step 5

no control vlan

Example:

n1000v(config-svs-domain)# no control vlan

n1000v(config-svs-domain)#

Removes the control VLAN configuration.

Step 6

show svs domain

Example:

n1000v(config)# show svs domain

SVS domain config:

Domain id: 100

Control vlan: 1

Packet vlan: 1

L2/L3 Control mode: L2

L2/L3 Control interface: NA

Status: Config push to VC successful.

switch(config-svs-domain)#

Displays the existing domain configuration, with the default control and packet VLAN IDs.

Step 7

svs mode L3 interface { mgmt0 | control0 }

Example:

n1000v(config-svs-domain)# svs mode l3 interface mgmt0

n1000v(config-svs-domain)#

Configures Layer 3 transport mode for the VSM domain.

If configuring Layer 3 transport, then you must designate which interface to use; and the interface must already have an IP address configured.

This example shows how to configure Layer 3 transport over the management 0 interface.

Step 8

show svs domain

Example:

SVS domain config:

Domain id: 100

Control vlan: 1

Packet vlan: 1

L2/L3 Control mode: L3

L3 control interface: mgmt0

Status: Config push to VC successful.

n1000v(config-svs-domain)#

(Optional) Displays the new Layer 3 control mode configuration for this VSM domain.

Step 9

copy running-config startup-config

Example:

n1000v(config-svs-domain)# copy running-config startup-config

[########################################] 100%

n1000v(config-svs-domain)#

(Optional) Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration.

Changing to Layer 2 Transport

Use this procedure to change the transport mode to Layer 2 for the VSM domain control and packet traffic. The transport mode is Layer 2 by default, but if it is changed, you can use this procedure to configure it again as Layer 2.

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

You are logged in to the CLI in EXEC mode.

This procedure requires you to configure a control VLAN and a packet VLAN. You cannot configure these VLANs if the VSM domain capability is Layer 3 Control. You will first change the capability to Layer 3 Control, and then configure the control VLAN and packet VLAN.

SUMMARY STEPS

1. show svs domain

2. config t

3. svs-domain

4. svs mode L2 | svs mode L3 interface { mgmt0 | control0 }

5. show svs domain

6. copy running-config startup-config

DETAILED STEPS

Command

Purpose

Step 1

show svs domain

Example:

SVS domain config:

Domain id: 100

Control vlan: 1

Packet vlan: 1

L2/L3 Control mode: L3

L3 control interface: mgmt0

Status: Config push to VC successful.

n1000v(config-svs-domain)#

Displays the existing domain configuration, including control and packet VLAN IDs and the Layer 3 interface configuration.

Step 2

config t

Example:

n1000v# config t

n1000v(config)#

Places you in the CLI Global Configuration mode.

Step 3

svs-domain

Example:

n1000v(config)# svs-domain

n1000v(config-svs-domain)#

Places you in the CLI SVS Domain Configuration mode.

Step 4

svs mode L2

Example:

n1000v(config-svs-domain)# svs mode l2

n1000v(config-svs-domain)#

Configures Layer 2 transport mode for the VSM domain.

Step 5

control vlan vlanID

Example:

n1000v(config-svs-domain)# control vlan 100

Configures the specified VLAN ID as the control VLAN for the VSM domain.

Step 6

packet vlan vlanID

Example:

n1000v(config-svs-domain)# packet vlan 101

Configures the specified VLAN ID as the packet VLAN for the VSM domain.

Step 7

show svs domain

Example:

SVS domain config:

Domain id: 100

Control vlan: 100

Packet vlan: 101

L2/L3 Control mode: L2

L3 control interface: NA

Status: Config push to VC successful.

n1000v(config-svs-domain)#

(Optional) Displays the new Layer 2 control mode configuration for this VSM domain.

Step 8

copy running-config startup-config

Example:

n1000v(config-svs-domain)# copy running-config startup-config

[########################################] 100%

n1000v(config-svs-domain)#

(Optional) Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration.
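The two transport procedures above both rely on reading `show svs domain` before saving. The following added example (not Cisco code; the function names and the rule that VLAN 1 in Layer 2 mode means "not yet reassigned" are assumptions of this example) parses that output in the label variants shown on this page and reports states that conflict with the page's guidance.

```python
import re

# Labels differ between the outputs on this page ("Aipc" vs "Control",
# "L2/L3 Control interface" vs "L3 control interface"), so match all variants.
FIELDS = {
    "control_vlan": r"Control vlan",
    "packet_vlan": r"Packet vlan",
    "mode": r"L2/L3 (?:Aipc|Control) mode",
    "interface": r"(?:L2/)?L3 (?:Aipc|[Cc]ontrol) interface",
    "status": r"Status",
}

# Constructed samples, modelled on the outputs shown in the procedures above.
AFTER_NO_VLANS = """SVS domain config:
  Domain id: 100
  Control vlan: 1
  Packet vlan: 1
  L2/L3 Control mode: L2
  L2/L3 Control interface: NA
  Status: Config push to VC successful.
"""
AFTER_L3 = AFTER_NO_VLANS.replace("mode: L2", "mode: L3").replace(
    "L2/L3 Control interface: NA", "L3 control interface: mgmt0")

def parse_svs_domain(text):
    """Map each known field of `show svs domain` output to its value."""
    out = {}
    for key, label in FIELDS.items():
        m = re.search(rf"^[ \t]*{label}:[ \t]*(.*?)[ \t]*$", text, re.M)
        if m:
            out[key] = m.group(1)
    return out

def check_svs_domain(text):
    """Return findings; an empty list means nothing conflicts with the guidance."""
    d = parse_svs_domain(text)
    missing = sorted(set(FIELDS) - set(d))
    if missing:
        return ["unparsed fields: " + ", ".join(missing)]
    findings = []
    if d["mode"].upper() == "L2":
        if d["control_vlan"] == d["packet_vlan"]:
            findings.append("control and packet traffic share one VLAN")
        # Assumption of this example: VLAN 1 here means removed, not reassigned.
        if "1" in (d["control_vlan"], d["packet_vlan"]):
            findings.append("Layer 2 mode with a VLAN left at default 1")
    elif d["interface"].lower() not in ("mgmt0", "control0"):
        findings.append("Layer 3 mode without mgmt0 or control0")
    if "successful" not in d["status"].lower():
        findings.append("config push to vCenter not reported successful")
    return findings
```

Running it on the intermediate state (after `no control vlan` and `no packet vlan`, before `svs mode L3`) returns two findings, which is the state that should not be copied to the startup configuration.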

Creating a Port Profile for Layer 3 Control

Use this procedure to allow the VSM and VEM to communicate over IP for control and packet traffic.

The VEM VM kernel NIC must connect to this Layer 3 control port profile when adding the host to the Cisco Nexus 1000V DVS.

Only one VM kernel NIC can be assigned to this Layer 3 control port profile per host.

You know the VLAN ID for the VLAN you are adding to this Layer 3 control port profile.

– The VLAN must already be created on the Cisco Nexus 1000V.

– The VLAN assigned to this Layer 3 control port profile must be a system VLAN.

– One of the uplink ports must already have this VLAN in its system VLAN range.

The port profile must be an access port profile. It cannot be a trunk port profile. This procedure includes steps to configure the port profile as an access port profile.

More than one port profile can be configured as capability L3 control.

Different hosts can use different VLANs for Layer 3 control.

SUMMARY STEPS

1. config t

2. port-profile name

3. capability l3control

4. vmware port-group [name]

5. switchport mode access

6. switchport access vlan vlanID

7. no shutdown

8. system vlan vlanID

9. state enabled

10. (Optional) show port-profile name

11. (Optional) copy running-config startup-config

DETAILED STEPS

Command

Purpose

Step 1

config t

Example:

n1000v# config t

n1000v(config)#

Places you in the CLI Global Configuration mode.

Step 2

port-profile name

Example:

n1000v(config)# port-profile l3control-150

n1000v(config-port-prof)#

Creates a port profile and places you into Port Profile Configuration mode for the named port profile.

The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V.

Step 3

capability l3control

Example:

n1000v(config-port-prof)# capability l3control

n1000v(config-port-prof)#

Allows the port to be used for IP connectivity.

In vCenter Server, the Layer 3 control port profile must be selected and assigned to the VM kernel NIC physical port.

Step 4

vmware port-group [name]

Example:

n1000v(config-port-prof)# vmware port-group

n1000v(config-port-prof)#

Designates the port-profile as a VMware port group.

The port profile is mapped to a VMware port group of the same name. When a vCenter Server connection is established, the port group created in Cisco Nexus 1000V is then distributed to the virtual switch on the vCenter Server.

name: Port group name. If you do not specify a name, then the port group name will be the same as the port profile name. If you want to map the port profile to a different port group name, use the alternate name.

Step 5

switchport mode access

Example:

n1000v(config-port-prof)# switchport mode access

n1000v(config-port-prof)#

Designates that the interfaces are switch access ports (the default).

Step 6

switchport access vlan vlanID

Example:

n1000v(config-port-prof)# switchport access vlan 150

n1000v(config-port-prof)#

Assigns the system VLAN ID to the access port for this Layer 3 control port profile.

Step 7

no shutdown

Example:

n1000v(config-port-prof)# no shutdown

n1000v(config-port-prof)#

Administratively enables all ports in the profile.

Step 8

system vlan vlanID

Example:

n1000v(config-port-prof)# system vlan 150

n1000v(config-port-prof)#

Adds the system VLAN to this Layer 3 control port profile.

This ensures that, when the host is added for the first time or rebooted later, the VEM will be able to reach the VSM. One of the uplink ports must have this VLAN in its system VLAN range.

Step 9

state enabled

Example:

n1000v(config-port-prof)# state enabled

n1000v(config-port-prof)#

Enables the Layer 3 control port profile.

The configuration for this port profile is applied to the assigned ports, and the port group is created in the VMware vSwitch on the vCenter Server.

Step 10

show port-profile name name

Example:

n1000v(config-port-prof)# show port-profile name l3control-150

port-profile l3control-150

description:

type: vethernet

status: enabled

capability l3control: yes

pinning control-vlan: 8

pinning packet-vlan: 8

system vlans: 150

port-group: l3control-150

max ports: 32

inherit:

config attributes:

switchport mode access

switchport access vlan 150

no shutdown

evaluated config attributes:

switchport mode access

switchport access vlan 150

no shutdown

assigned interfaces:

n1000v(config-port-prof)#

(Optional) Displays the current configuration for the port profile.

Step 11

copy running-config startup-config

Example:

n1000v(config-port-prof)# copy running-config startup-config

(Optional) Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration.
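The requirements of this procedure (capability set, access mode rather than trunk, access VLAN listed as a system VLAN, profile enabled) can be checked against the `show port-profile name` output from Step 10. This is an added example, not Cisco code; the function names are hypothetical and the comma/range syntax accepted for `system vlans` is an assumption.

```python
import re

# Constructed sample: trimmed `show port-profile name l3control-150` output from this page.
GOOD = """port-profile l3control-150
  type: vethernet
  status: enabled
  capability l3control: yes
  system vlans: 150
  config attributes:
    switchport mode access
    switchport access vlan 150
    no shutdown
  evaluated config attributes:
    switchport mode access
    switchport access vlan 150
    no shutdown
  assigned interfaces:
"""
# Constructed failing variant: trunk mode and no system VLAN.
BAD = GOOD.replace("mode access", "mode trunk").replace("vlans: 150", "vlans: none")

def _field(text, label):
    m = re.search(rf"^[ \t]*{re.escape(label)}:[ \t]*(.*?)[ \t]*$", text, re.M)
    return m.group(1) if m else ""

def _vlan_set(spec):
    """Expand '150' or '150,160-162' into a set of ints (assumed list syntax)."""
    vlans = set()
    for part in re.findall(r"\d+(?:-\d+)?", spec):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def check_l3control_profile(text):
    """Return findings for a Layer 3 control port profile; [] means it passes."""
    findings = []
    if _field(text, "capability l3control") != "yes":
        findings.append("capability l3control is not set")
    if _field(text, "status") != "enabled":
        findings.append("profile state is not enabled")
    # Judge the evaluated attributes, which are what the ports actually receive.
    evaluated = text.split("evaluated config attributes:", 1)[-1]
    evaluated = evaluated.split("assigned interfaces:", 1)[0]
    mode = re.search(r"switchport mode (\S+)", evaluated)
    if not mode or mode.group(1) != "access":
        findings.append("profile is not an access port profile")
    access = re.search(r"switchport access vlan (\d+)", evaluated)
    if not access or int(access.group(1)) not in _vlan_set(_field(text, "system vlans")):
        findings.append("access VLAN is missing or is not a system VLAN")
    return findings
```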

Creating a Control VLAN

Use this procedure to add a control VLAN to the domain.

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

You are logged in to the CLI in EXEC mode.

If Layer 3 Control is configured on your VSM, you cannot create a control VLAN. You must first disable Layer 3 Control.

You have already configured and enabled the required switched virtual interface (SVI) using the document, Cisco Nexus 1000V Interface Configuration Guide, Release 4.2(1)SV1(4a). The SVI is also called the VLAN interface and provides communication between VLANs.

You are familiar with how VLANs are numbered. For more information, see the document, Cisco Nexus 1000V Layer 2 Switching Configuration Guide, Release 4.2(1)SV1(4).

Creating a Packet VLAN

Use this procedure to add the packet VLAN to the domain.

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

You are logged in to the CLI in EXEC mode.

You have already configured and enabled the required switched virtual interface (SVI) using the document, Cisco Nexus 1000V Interface Configuration Guide, Release 4.2(1)SV1(4a). The SVI is also called the VLAN interface and provides communication between VLANs.

You are familiar with how VLANs are numbered. For more information, see the document, Cisco Nexus 1000V Layer 2 Switching Configuration Guide, Release 4.2(1)SV1(4).